Submitted by Heather MacKenzie on Mon, 2015-01-26 06:27
Submitted by Heather MacKenzie on Wed, 2015-01-21 05:38
This blog is the last one from me as a member of the company that manufactures and sells Tofino Security products. Joann Byres (Tofino co-founder and Belden Vice President) and I are retiring from the Tofino Security group at Belden effective January 30, 2015.
Submitted by Heather MacKenzie on Fri, 2014-08-08 10:53
The age of malware specifically targeting industrial control systems (ICS) began in 2010 when Stuxnet was revealed to be disrupting operations at one of Iran’s nuclear enrichment facilities. Since that shock, we have seen advanced malware, such as Flame and Duqu, target energy companies for espionage purposes.
Submitted by Eric Byres on Tue, 2014-07-29 08:02
When I started Tofino Security in 2006, my two goals were to make industrial cyber security easy to deploy and better suited for the real needs of mission critical networks. Our first generation products went a long way in doing that, but like any initial offerings they reflected a limited feedback loop from users in the field.
Today I am proud to say that we have integrated lessons learned over the last eight years to deliver Tofino 2.0, our next generation of industrial cyber security solutions.
Tofino 2.0 is a suite of products and services that includes:
Submitted by Eric Byres on Wed, 2014-06-25 12:14
If you are a regular follower of this blog, you’ve probably noticed that I haven’t been writing much in the past few months. I have simply been too busy, traveling and speaking at some really great security conferences.
Submitted by Heather MacKenzie on Wed, 2014-05-14 21:10
Author Mike Miclot
Nobody likes the job of replacing a good team member when they retire. Yet, that is the job the manufacturing industry is faced with as a trusted component of the industrial application ecosystem steps down from active duty. That component is the Windows XP operating system (OS), a workhorse of a product that is pervasive in factories, energy facilities and many critical infrastructure systems around the world.
Submitted by Heather MacKenzie on Wed, 2014-05-14 11:14
Submitted by Heather MacKenzie on Thu, 2014-03-20 21:00
You have likely never worried about the possibility of a high school geek doing some programming that affects your home water quality. Well, neither had I until I learnt that some municipal networks have no security between the network their schools use and the one that runs their water/wastewater facility.
Submitted by Heather MacKenzie on Wed, 2014-02-26 21:00
One of the major differences between industrial networks and enterprise networks is that industrial networks are typically managed by engineers or technicians. Now engineers are experts at making good product, designing control loops and so on, but they are not IT security wizards. That's the reality, and it means that security products that "just work" reliably and safely with automation systems are going to be more effective in actually delivering security than products that don't.
Submitted by Heather MacKenzie on Tue, 2013-12-17 10:38
Submitted by Eric Byres on Mon, 2013-09-09 15:51
In a recent blog article – Chicken, Egg, and Chicken Omelette with Salsa – Dale Peterson is squawking like a rooster. Nothing new, but this time his message is scrambled. He once again referred to me as a SCADA Apologist, though this time he also labeled me the “salsa” that accompanies a chicken omelette.
Submitted by Eric Byres on Fri, 2013-05-03 16:38
Submitted by thomas.nuth on Thu, 2013-04-18 21:00
Three years ago, the concept of industrial cyber security became a popular discussion topic within the industrial networking community. Now the discussion has risen to the level of heads of state within the international community. The Executive Order – Improving Critical Infrastructure Cybersecurity signed by President Obama in February of this year is just one indication of the importance being attached to this issue.
Submitted by Eric Byres on Thu, 2013-04-11 15:43
In my last blog, I shared some secrets on how to successfully use patching in SCADA and control systems.
This week, I’ll look at the pros and cons of using compensating controls as an alternative to patching, and discuss the requirements for success.
Submitted by Eric Byres on Thu, 2013-04-04 16:17
Submitted by Eric Byres on Tue, 2013-03-26 12:11
In my last blog, I discussed the reasons why critical industrial infrastructure control systems are so vulnerable to attacks from security researchers and hackers, and explained why patching for such systems is not a workable solution.
Submitted by Eric Byres on Thu, 2013-03-14 16:40
As regular readers of this blog know, after Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure.
Unfortunately, the Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) applications they are now focusing on are sitting ducks.
Submitted by Eric Byres on Thu, 2013-03-07 15:25
Last week I received am email (shown further down on this page) purporting to be from the US Internal Revenue Service (IRS).
Submitted by ghale on Thu, 2013-02-28 15:39
Editor’s Note: This is an excerpt from ISSSource.
It wasn’t that long ago when cyber security seemed like a foreign language to those folks entrusted with running companies. It was not like they didn’t know about it, but it just was not top of mind.
Not anymore.
With cyber threats evolving to the point where they are affecting their companies and their customer’s companies, chief executives are taking a new look and approach to how they attack cyber security.
Submitted by Bob Lockhart on Mon, 2013-02-18 13:03
Editor's Note: this is an excerpt from the Pike Research Blog.
The story goes that a group of business people were stranded on a desert island with a bountiful supply of canned and therefore imperishable food, but no way to open the cans. As the group struggled to find a solution the lone economist in the group piped up, “Assume a can opener…”
Pages